CYB236 Chapter 8: Host-based Intrusion Detection Systems

Questions and Answers

What is the primary function of a host-based IDPS?

• To monitor the Internet for potential threats
• To monitor the entire network for suspicious activity
• To monitor the organization's firewall for unauthorized access
• To monitor the characteristics of a single host and the events occurring within that host for suspicious activity (correct)

What is the typical component of most host-based IDPSs installed on the hosts of interest?

• Proxies
• Sensors
• Agents (correct)
• Gateways

What does an agent designed to monitor a server typically monitor?

• The OS and common client applications
• The OS and some common applications (correct)
• Only the operating system (OS)
• Only common applications

What is an application-based IDPS also known as?

Some agents perform monitoring for a specific application service only (B)

Where do agents deploy to in a network architecture?

To existing hosts on the organization's networks (C)

What do agents communicate over in a network architecture?

Same networks (A)

What is the primary difference between a host-based IDPS and a network-based IDPS?

The scope of monitoring (D)

What is the purpose of a prevention action in a host-based IDPS?

To respond to suspicious activity (D)

What is the primary function of a shim in a host-based IDPS?

To intercept, analyse, and determine allowing or denying access (C)

What type of architecture do host-based IDPSs use?

Host-based (D)

What is logged by host-based IDPSs?

Timestamp, event type, event details, and prevention action performed (B)

What is an example of an event detected by host-based IDPSs?

All of the above (D)

What is a limitation of host-based IDPSs?

All of the above (D)

What is a prevention capability of host-based IDPSs?

Preventing code from being executed (B)

Where are appliance-based agents deployed?

Inline, in front of the hosts they protect (C)

What is a security capability of host-based IDPSs?

All of the above (D)

What is the primary purpose of Network Traffic Filtering?

To prevent unauthorized access and acceptable use policy violations (C)

What is the function of Filesystem Monitoring?

To prevent files from being accessed, modified, replaced, or deleted (B)

What is the purpose of Removable Media Restriction?

To prevent malware from being transferred or copied to or from the host (D)

What does Audiovisual Device Monitoring indicate?

If the host is compromised (D)

What is the function of Host Hardening?

To detect and enable disabled security functions (B)

What is the purpose of Process Status Monitoring?

To monitor the status of processes or services and security programs (A)

What is Network Traffic Sanitization used for?

To prevent sensitive information from being displayed on web server pages (B)

What is unique about updating agents in host-based IDPSs?

It is related to the type of operating system (C)

What is a common capability offered by most host-based IDPSs?

Management capabilities (D)

Flashcards are hidden until you start studying